Security Analyst

About this team
The lululemon Cybersecurity team enables lululemon to conduct its global operations in a secure
manner and safeguard the trusted information of its guests and users. This is accomplished by
understanding business risk as manifested through cybersecurity and compliance risk and by
maintaining a high degree of employee awareness of all security and compliance topics. To further
enhance our team we are looking for a GRC Compliance Specialist with demonstrated expertise with
SOX 404 specifically with respect to IT General Controls
A Day in the Life:
In this role you will work collaboratively with the Cybersecurity GRC team along with stakeholders
across the business to assess review verify and and audit technology controls related to GRC
Compliance. The GRC Compliance Specialist will be responsible for coordinating the collection of
evidence walkthrough meetings remediation and ensuring that teams are educated on what is
required of them. Following are key areas of responsibility for this role:
Responsible for assisting with the delivery of the IT SOX program and ensuring the effectiveness
of lululemons technology internal control environment.
Responsible for documenting the SOX control design narratives and SOX control operating
effectiveness testing for in-scope systems and tools.
Works collaboratively with stakeholders across technology and system stakeholders to ensure
effective technology controls are in place to meet SOX requirements.
Serves as a subject matter expert (SME) for SOX IT compliance across the organization.
Proactively communicates changes in regulatory or audit requirements to teams and helps drive
the implementation of new or updated controls.
Partners with Global Architecture and Technology teams to understand current and future
strategies that may impact SOX-relevant systems and processes.
Identifies evaluates documents and monitors the remediation of control deficiencies with an
emphasis on assisting process and IT control owners in timely and effective remediation.
Assists with quarterly SOX control certifications and management attestations.
Automates and assists in gathering audit evidence for internal and external SOX audits.
Applies a risk-based approach to planning executing and reporting on SOX-related audit
engagements.
Creates efficiencies for audit engagements by establishing and maintaining document request
lists and centralized evidence repositories.
Provides metrics and reporting decks to demonstrate that the IT SOX program delivers expected
outcomes and effectively supports business objectives.

Qualifications:
5 years of experience in Security GRC IT Audit or a related field with a strong focus on SOX
compliance and IT General Controls (ITGCs) in a retail environment
Big 4 IT Audit experience or similar is required with demonstrated expertise in evaluating and
testing ITGCs and application controls supporting financial reporting
Deep understanding of SOX Section 404 requirements including risk assessment control design
and effectiveness testing
Experience working with internal and external auditors including managing walkthroughs
evidence collection and audit issue resolution
Strong knowledge of ITGC domains such as access controls change management IT operations
and system development lifecycle (SDLC)
Familiarity with retail-specific systems (ex. Oracle EBS Retail Management Systems Order
Management Systems Warehouse Management Systems) and how they intersect with SOX
compliance
Experience with cloud platforms (e.g. AWS Azure) SaaS applications and their implications for
SOX controls
Proficiency in using GRC tools like ServiceNow to streamline audit workflows and evidence
management
Proven ability to drive remediation efforts track control deficiencies and support control
owners in implementing sustainable solutions
Strong communication and stakeholder management skills with the ability to influence cross-
functional teams and align on compliance priorities
Demonstrated ability to work in a fast-paced global retail environment managing multiple
priorities and time zones
Professional certifications such as CISA CPA or CIA are required

Required Skills : SOXAzureOracle

Basic Qualification :

Additional Skills :

Background Check : No

Drug Screen : No